This post-mortem of today's Matrix prod compromise is great for its transparency and cautious response. Also a clear demonstration of why dev infrastructure (Jenkins or otherwise) should not be allowed to access prod. #keepemseparated #infosec #devops https://matrix.org/blog/2019/04/11/security-incident/index.html
@kylerankin Takeaway 1: Matrix's response to take down prod and rebuild from scratch in relatively short order is commendable, and all orgs should aim to be able to do the same in similar circumstances.
@kylerankin 3: Great early post-mortem given the circumstances. Affected servers, what the attackers did, what Matrix did, what users should do, timelines, promises of more detail later.
@kylerankin It seems it's still not over, or at least something very strange is going on on the Matrix website.